Abuse INSIGHTS is a python script created to extract the usernames brute forced by a compromised host. This data is extracted by regex from Abuse IP DB’s reporter comments.
$ git clone https://github.com/west-wind/abuse-insights.git
$ cd abuse-insights
$ python abuse-insights.pyThe intention of this script is to obtain insights about the sort of usernames that are attempted in a brute force from a compromised host.
This can be an RDP, SSH etc brute force. Assuming your host was compromised and was used for brute-forcing SSH nodes, and folks started reporting your IP to AbuseIPDB.
When folks report, they sometimes share the raw log, and this log has information related to the username it was attempting to login with.
Generating a list of the usernmaes used can provide insight into the sort of adversary that compromised your host.
It is the end user’s responsibility to obey all applicable local, state and federal laws.
Developer assume no liability and are not responsible for any misuse or damage caused by this program.
This script requires the user to input the AbuseIPDB API key into the configuration file – abuseIPDB_API.conf.
To begin
$ cd abuse-insights
$ python abuse-insights.pyEnter target IP address.
IF the IP address has been reported to Abuse IP DB in the past 90 days, & username data was avaialble, then output will be saved to a csv file – abuseIPDB_Username_Intel.csv.
Exploit-Street, where we dive into the ever-evolving world of cybersecurity with a focus on Local…
Shadow Dumper is a powerful tool used to dump LSASS (Local Security Authority Subsystem Service)…
shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…
Extract and execute a PE embedded within a PNG file using an LNK file. The…
Embark on the journey of becoming a certified Red Team professional with our definitive guide.…
This repository contains proof of concept exploits for CVE-2024-5836 and CVE-2024-6778, which are vulnerabilities within…